A Total Meltdown, In Layman’s Terms

A hardware flaw has been discovered in all Intel processors produced in the past decade. That’s every computer with an Intel CPU you’ve bought since 2008! In layman’s terms, the flaw allows even in-browser JavaScript or some other nefarious code running at the user privilege level to execute arbitrary code at the kernel level.
The actual details of this bug are quickly becoming more well-known after The Register’s reporting spurred awareness. The bug is known as “Meltdown.”

Intel CPUs have been using a special trick to jump back and forth between kernel code and user-level commands quickly enough to keep pace with the user’s demands. Unfortunately, this shortcut also leaves the door open just long enough for a sufficiently determined someone or something to sneak through, sift through the kernel’s memory, or even execute arbitrary code at the kernel level.

The Lord of the Rings

The deepest, highest-privileged, and most-private section of your computer is the kernel. To you, the user, the kernel is akin to a god, invisible and omnipotent as it looks down on you and answers your prayers. You can go through your life using your computer without caring so much that the kernel exists, but its existence ties the universe together.

The most devastating security holes in computer systems take this invisible and distant god and drag it down to earth. It’s just like the classic Joan Osborne song that asks “What if God was one of us…” only significantly more frightening.

Your computer’s ecosystem is divided into tiers of privilege known as “Rings.” The lower the ring, the higher the privilege. The kernel lives on Ring 0; you, the humble user, live on Ring 3. Ring 0 is the Asgard to your Midgard.

Transitioning from kernel mode (working in Ring 0) to user mode (working in Ring 3) takes effort. To boost performance, Intel came up with a way to jump between the two. However, this method exposes the kernel’s memory space to user code. Within that memory space one may find:

Passwords
Login keys
Cached files

As well as other potentially sensitive data. This data could be mined by malware and used to further compromise your system.

Thunder Strikes Twice

In October 2017, we wrote about how hardware flaws can let intruders sneak into lower rings and compromise systems, in our blog post on the Thunderstrike exploit that affected Mac computers. In the case of Thunderstrike, a flaw potentially allowed access to rings even lower than Ring 0.

This Intel bug, now known as Meltdown, is probably bigger and more worthy of your concern than Thunderstrike.

Your system is more likely to be compromised: between Meltdown and Spectre, virtually all Intel and AMD processors, along with a small but significant subset of ARM processors, can fall victim to these cache-timing side-channel exploits.

And that includes the big names, not just home users. Even platforms such as Amazon EC2, Microsoft Azure, and Google Compute Engine will feel the impact.

A Painful Patch

The only fix for the bug is a more solid wall between the kernel and the user space… which prevents Intel CPUs from switching rapidly between the two rings. Patches for Windows, Mac, and Linux kernels will close the backdoor Intel CPUs have been using. Unfortunately, by cutting off the CPU from its handy shortcut, the processor’s performance suffers. Any Intel processor produced in the past decade could potentially see a performance reduction of anywhere from five to thirty percent depending on the specific model of processor. Linux users who have already patched their systems have documented these performance hits. However, the most recent updates for macOS Sierra and High Sierra do not seem to have noticeably affected CPU performance, and Intel is downplaying the effect of patches on CPU performance.

Imagine what a performance decrease of up to 30 percent could mean for large data centers such as those owned by Amazon or Facebook.
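For readers who want to see the two halves of this story on their own Linux machine, here is an added example (not code from the original post or from Gillware). It shows, first, that the “wall” between Ring 3 and Ring 0 is real in the normal path: an ordinary user-mode read of a kernel address is refused by the CPU and the program is only told “access denied” via a fault. Second, it reads the status line that patched Linux kernels (4.15 and later) expose under /sys/devices/system/cpu/vulnerabilities/meltdown, so you can confirm whether the kernel patch described above is actually active. The probe address 0xffffffff81000000 is an assumption chosen because it lies in the x86-64 kernel’s address range; the status strings “Not affected”, “Mitigation: PTI” and “Vulnerable” are the ones the kernel actually prints.

```c
/* Added example (not from the original post): two defender-side checks
 * around Meltdown on Linux.
 *   1. read_faults(): show that a plain user-mode read of a kernel
 *      address is refused (SIGSEGV/SIGBUS), i.e. the ring boundary holds
 *      on the architectural path.
 *   2. classify_meltdown_status(): interpret the kernel's own mitigation
 *      report from sysfs so an admin can verify the patch is active.
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf probe_env;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(probe_env, 1);   /* jump back into read_faults() */
}

/* Assumed probe address: inside the kernel half of the address space.
 * 64-bit: x86-64 kernel text region. 32-bit: classic 3G/1G split. */
uintptr_t kernel_probe_addr(void) {
#if UINTPTR_MAX == 0xffffffffffffffffULL
    return (uintptr_t)0xffffffff81000000ULL;
#else
    return (uintptr_t)0xc0000000UL;
#endif
}

/* Returns 1 if reading addr faulted (the expected, safe result),
 * 0 if the read completed without a fault. */
int read_faults(uintptr_t addr) {
    struct sigaction sa, old_segv, old_bus;
    int faulted;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;          /* allow longjmp out of handler */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        volatile unsigned char *p = (volatile unsigned char *)addr;
        unsigned char v = *p;           /* the CPU refuses this in Ring 3 */
        (void)v;
        faulted = 0;
    } else {
        faulted = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Classify one line of /sys/devices/system/cpu/vulnerabilities/meltdown.
 * Returns 2 = mitigated (e.g. "Mitigation: PTI"), 1 = vulnerable,
 * 0 = not affected, -1 = unrecognised text. */
int classify_meltdown_status(const char *line) {
    if (strncmp(line, "Not affected", 12) == 0) return 0;
    if (strncmp(line, "Mitigation:", 11) == 0) return 2;
    if (strncmp(line, "Vulnerable", 10) == 0) return 1;
    return -1;
}

/* Read the live sysfs file. Returns the classification, or -1 when the
 * file is absent (kernels older than the fix do not provide it). */
int host_meltdown_status(void) {
    char buf[128] = {0};
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return -1; }
    fclose(f);
    return classify_meltdown_status(buf);
}

int main(void) {
    static const char *names[] = { "unknown/unpatched kernel", "not affected",
                                   "VULNERABLE (patch missing)", "mitigated" };
    printf("User-mode read of kernel address faulted: %s\n",
           read_faults(kernel_probe_addr()) ? "yes (boundary holds)" : "NO");
    printf("Kernel Meltdown status: %s\n", names[host_meltdown_status() + 1]);
    return 0;
}
```

The fault check is the “before” picture the post describes: the hardware does deny the read, and Meltdown’s trick is only that the CPU starts speculatively working on the read before the denial lands. The sysfs check is what to run after applying the Linux patch: “Mitigation: PTI” means the stronger kernel/user wall (page-table isolation) is in place, and the performance cost discussed above is the price of that wall.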

Tech journalist Bryan Lunduke finds what could be a dig at Intel in a recent Linux kernel patch

Microsoft and Apple have yet to release kernel patches to resolve this issue, but they could come very soon. If you are a Mac or PC user, the next automatic update will likely include these kernel patches, so be sure not to sleep on them (I know how we all like to put off updates until they’re more convenient).

While this bug, now known as “Meltdown,” only affects Intel processors, a similar vulnerability dubbed “Spectre” affects Intel, AMD, and ARM processors, effectively putting every computer and mobile device at risk. Spectre is a result of modern CPU architecture and will be much harder to patch than Meltdown, although it is also more difficult to take advantage of than Meltdown.

Gillware will keep an eye out for future fixes to Meltdown and update this post when more information becomes available.

UPDATE 1-4-2018:

Meltdown and Spectre together affect virtually all modern processors and computing devices.